Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution

A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
Open in Source
#vulnerability#web#windows#microsoft#cisco#auth#zero_day
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in

New Microsoft Zero-Day Attack Underway

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.

Microsoft Office MSDT Follina Proof Of Concept

Proof of concept for the remote code execution vulnerability in MSDT known as Follina.

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and

Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”

By Deeba Ahmed Nao_Sec cybersecurity researchers state the “odd-looking” MS Word document was uploaded on VirusTotal from a Belarus IP address.… This is a post from HackRead.com Read the original post: Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”

Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)

Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina. The post Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.

Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.